CB Captcha Plugin

5 months 4 days ago #334298 by tmoran
CB Captcha Plugin was created by tmoran
I'm trying to find/enable the CB Captcha Plugin???
Does it still exist?

We got hacked last night and our CB Subs was targeted... the payment gateway we use is insisting a captcha be employed.

5 months 4 days ago #334299 by krileon
Replied by krileon on topic CB Captcha Plugin
Captcha is provided as part of CB AntiSpam. In what way were you hacked? What payment gateway are you using?


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

5 months 4 days ago #334302 by tmoran
Replied by tmoran on topic CB Captcha Plugin
Hi Krileon,

It's Eway. We got attacked on all fronts and CB Subs in particular. Eway processed 30 fraudulent transactions before suspending our account. They insist we have a captcha on CB Subs before we can re-commence trade. I have CB AntiSpam installed and enabled, but it doesn't appear to have any captcha on it, just IP blocks/attempts... which it didn't block?

Cheers,
Tony.

5 months 4 days ago #334303 by tmoran
Replied by tmoran on topic CB Captcha Plugin
I've disabled the Eway plugin, BTW, until the issue has been resolved.

5 months 4 days ago - 5 months 4 days ago #334305 by krileon
Replied by krileon on topic CB Captcha Plugin
Doesn't sound like a compromise of CBSubs. Sounds like they registered some bots and just attempted transactions with likely stolen cards. So it doesn't sound like you were hacked either. Just frustrating bot spam.

Protecting your registration with CB AntiSpam can certainly keep a large chunk of bots out, but they're getting more and more sophisticated due to AI. I recommend setting up mod_security on the server side of things as well to help protect against common exploits.

Please PM backend super user login credentials (see link in my forum signature) and I can at least take a look to confirm it was just bot spam.

5 months 4 days ago #334308 by krileon
Replied by krileon on topic CB Captcha Plugin
So far I don't see any problems. It looks like bots just attempted payments with stolen cards. That's not your fault or the implementation's fault.

We're using hosted payments for eWay. This means all CBSubs is responsible for is redirecting to eWay with an amount to be billed. eWay would then send them back and CBSubs would confirm the payment. At no point is the payment handled by CBSubs in any way. This was implemented years ago using the documentation at the below links, which doesn't appear to exist anymore and which they didn't bother setting up redirects for.
https://www.eway.com.au/Developer/eway-api/shared-payment-solution.aspx
https://www.eway.com.au/_files/documentation/HostedPaymentPageDoc.pdf

The above, however, just appears to be a v1 or v2 implementation of their Responsive Shared Page below. Regardless, all we're doing is giving customer data to eWay and they give us a URL to redirect to. After that the payment is entirely in eWay's hands.

eway.io/api-v3/#responsive-shared-page

This means all the fraudulent checks are entirely on them, but the bot problem is of course entirely on you. I do recommend securing your registration form using CB AntiSpam.

As for the payment processor, there's nothing I can do there; as explained above, we don't handle the payment at all. If they have implementation recommendations on what we should be doing here then we can review making adjustments, but we're already sending nearly all the optional data (e.g. customer name, invoice address, etc.). If you want a more featureful provider that has modern security practices I would recommend moving to Stripe.

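The pattern described in this thread (freshly registered bot accounts attempting payments with likely stolen cards) can be detected from payment-attempt records on the site side. The following Python detector is an added example, not part of the original posts and not CBSubs or eWay code; the log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)       # sliding window over payment attempts
NEW_ACCOUNT = timedelta(minutes=30)  # account age that counts as "fresh" (assumed)
MIN_ATTEMPTS = 5                     # fresh-account attempts inside WINDOW
MIN_DECLINE_RATIO = 0.6              # share of those attempts the gateway declined

# Constructed sample records in a hypothetical format:
# attempt time, account, registration time, gateway result.
SAMPLE = """\
2024-01-10T02:00:05 acct=u901 registered=2024-01-10T01:58:10 result=declined
2024-01-10T02:00:40 acct=u902 registered=2024-01-10T01:58:30 result=declined
2024-01-10T02:01:02 acct=m100 registered=2023-03-02T10:00:00 result=approved
2024-01-10T02:01:15 acct=u903 registered=2024-01-10T01:59:00 result=approved
2024-01-10T02:02:20 acct=u904 registered=2024-01-10T01:59:20 result=declined
2024-01-10T02:03:05 acct=u905 registered=2024-01-10T01:59:45 result=declined
2024-01-10T02:03:50 acct=u906 registered=2024-01-10T02:00:00 result=declined
2024-01-10T09:05:00 acct=n200 registered=2024-01-10T09:00:00 result=approved
"""

def parse(line):
    """Split one record into (attempt_time, account, registered_time, result)."""
    ts, acct, reg, result = line.split()
    return (datetime.fromisoformat(ts), acct.split("=")[1],
            datetime.fromisoformat(reg.split("=")[1]), result.split("=")[1])

def detect_card_testing(lines):
    """Return (time of first alert, sorted accounts seen in any flagged window)."""
    window, flagged, first_alert = deque(), set(), None
    for ts, acct, reg, result in sorted(map(parse, lines)):
        if ts - reg > NEW_ACCOUNT:
            continue  # established account: outside this heuristic
        window.append((ts, acct, result))
        while ts - window[0][0] > WINDOW:
            window.popleft()  # drop attempts older than the window
        declined = sum(1 for _, _, r in window if r == "declined")
        if len(window) >= MIN_ATTEMPTS and declined / len(window) >= MIN_DECLINE_RATIO:
            first_alert = first_alert or ts
            flagged.update(a for _, a, _ in window)
    return first_alert, sorted(flagged)

if __name__ == "__main__":
    when, accounts = detect_card_testing(SAMPLE.splitlines())
    print("first alert:", when, "accounts to hold for review:", accounts)
```

On the constructed sample the alert fires at the fifth fresh-account attempt, while the established account and the isolated morning registration are left alone.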
